Planks are God’s gift to people with low back pain, which is the third most expensive medical condition in the United States. More than $57 billion a year is spent on low back pain, behind only diabetes and heart conditions.

The key to planks is they strengthen the core muscles — the muscles in the front, the six-pack that everyone wants — and the back at the same time.

If you don’t do them right, planks can actually hurt. Here’s how to do planks better:

Stay firm. The idea of a plank is like a plank of wood. You don’t want to be a wilting flower.

Don’t sag. You should feel some lift in your butt as you contract your core muscles.

But don’t pike, either! Keep your hips in line with your shoulders.

Relax your shoulders. People tend to be too tense in the shoulders and scrunch up. Be sure your shoulder blades are wide on your back.

Keep your hands and forearms aligned with your shoulders.

Relax your hands. Don’t grip your fingers.

Put your forearms on the ground for a somewhat easier plank. Do a full push-up position to increase difficulty.

I recommend 3 minutes of planks a day to give yourself a better life: One minute center, one minute on each side. But you can start with 30 seconds, and you can try it with bent knees like an assisted push-up.

Hackers may have a new target in their sights—one that’s just as central to everyday life as computers are.

Our cars.

As vehicles fill up with more digital controls and internet-connected devices, they’re becoming more vulnerable to cybercriminals, who can hack into those systems just like they can attack computers. Almost any digitally connected device in a car could become an entry point to the vehicle’s central communications network, opening a door for hackers to potentially take control by, for instance, disabling the engine or brakes.

There have been only a handful of successful hacks on vehicles so far, carried out mostly to demonstrate potential weaknesses—such as shutting down moving a car and taking control of another’s steering. But security experts paint a grim picture of what might lie ahead. They see a growing threat from malicious hackers who access cars remotely and keep their doors locked until a ransom is paid. Cybercriminals also could steal personal and financial data that cars are starting to collect about owners.

Or they might get even more ambitious. Some experts warn of a day when millions of fully internet-connected vehicles will be at risk of being hijacked remotely. A mass hack could be catastrophic for the self-driving cars of the future, especially if those cars don’t have steering wheels or other backup systems to let drivers take manual control.

Now the auto industry and lawmakers are rushing to meet these threats. Congress is proposing new standards that car companies must meet to guard against cyberattacks. Car makers are beefing up their software to make their vehicles tougher to hack, as well as reaching out to benevolent hackers to help them identify potential security flaws.

While there are disagreements among manufacturers and security experts about the exact magnitude of the possible threats, there is a widespread consensus that action is needed immediately to minimize risks.

Cyberintrusions have given auto makers a “wake-up call” over the past five years, says Phil Jansen, Fiat Chrysler ’s FCAU, -0.34% vice president for North American product development. “It has caused us to rethink how we set up architectures” for vehicle electronics.

The new vulnerability comes as auto makers are increasingly using software to control features and functions that have long been dominated by hardware, such as braking, gear shifting and throttle control. It represents a seminal break from the mechanical hydraulic systems of the recent past, one that began with the introduction of electronically controlled fuel injection in the late 1960s.

“Software is rapidly replacing hardware,” says Colin Bird, a senior automotive industry analyst at IHS Markit Ltd. INFO, -8.64% “More than 50% of a car’s value today is defined by software, and that is continuing to increase.”

The digital features go far beyond rudimentary diagnostic monitoring systems standard in most cars on the road. Newer cars have modems enabling internet connectivity; today, these are used mostly used for entertainment, but they are fast evolving into portals for software upgrades of critical systems and for sending data to cloud-computing networks.

Even older models can be retrofitted with Wi-Fi routers and Bluetooth modules that create wireless networks in and around a car, enabling drivers to do things like answer phones hands-free, determine how many miles are left in the tank before the next refill and stream videos to the children in back seats.

Cybersecurity experts say this has made cars far more like personal computers, with all the vulnerability that comes with that. Yet until recently, network security was largely treated as an afterthought—the systems were designed to give auto mechanics access to a car’s functions, not fend off criminal hackers.

A handful of widely publicized attacks has demonstrated that vulnerability, including a 2014 incident involving a Jeep Cherokee. Hackers looking to point out potential vulnerabilities found a password to a Wi-Fi hot spot and cellular connections used in the Jeep’s central display and entertainment system. From there, they accessed the car’s internal computer network and took control of functions ranging from the door locks and window wipers to electronically assisted steering. That prompted the recall of 1.4 million vehicles by Fiat Chrysler Automobiles, and served as a warning to the industry that car networks are no longer islands unto themselves.

Earlier this year, researchers at Argus Cyber Security Ltd. remotely shut down a car’s engine using a Bluetooth-enabled device that monitors engine performance and downloads vehicle data, made by German auto-parts supplier Robert Bosch GmbH. The company says the device was in limited distribution and that it immediately sent out a patch to fix the flaw. Separately, Bosch said recently that it has developed an encrypted standard for over-the-air software upgrades in vehicles.

Recently, cyber sleuths at security provider Trend Micro Inc. TMICF, -4.04% disclosed a flaw in almost all cars from the past 30 years that makes any number of safety features—such as anti-lock brakes—vulnerable to attack. First, however, hackers need to gain access to a car’s internal communication network by compromising a device connected to it, such as a smartphone or USB adapters. But once inside, researchers found they could shut down critical systems relatively easily by mimicking—or spoofing—error messages on the central communications network standard in most cars.

No simple fix

“There’s no simple fix,” says Mark Nunnikhoven, vice president of cloud-computing research at Trend Micro. “This kind of internal network was never meant to be connected the way it is now.”

Another immediate concern for safety experts is customer data. Auto makers are setting up cars to collect and transmit a wealth of detailed information such as the auto’s location, speed and even the driver’s alertness—in other words, how, where and in what condition someone drives. Industry officials say car makers are preparing to roll out connectivity packages allowing owners to interact with service providers and, for example, make purchases by credit card from the car while on the road.

All of which could make that information a hacking target for spam-based marketers or thieves looking to hijack people’s credit cards or blackmail them using personal information about their whereabouts or state of health.

Privacy advocates say more safeguards are needed to make it harder for other people to get personal information about drivers—whether the disclosures are authorized or not.

“Cars are for many Americans their second home. I don’t think I’m exaggerating when I say that probably most of us have danced in our car, cried in our car, and we’ve yelled in the privacy of our car,” says Joe Jerome, a lawyer with the Center for Democracy and Technology a Washington, D.C.-based nonprofit advocacy group. “A lot of this technology sort of changes that dynamic.”

But the really serious threats, security experts say, lie a few years ahead, as internet-connected networks spread across car makes and models. For instance, hackers might lock the doors of an entire model line, extorting the auto maker to allow it to regain access.

“It is just a matter of time before large-scale attacks occur” on automobiles, Miroslav Pajic, Duke University assistant professor of electrical and computer engineering, said at a June conference on connected cars co-sponsored by the National Highway Traffic Safety Administration and the Federal Trade Commission.

Elon Musk, the chief executive of electric car-company Tesla Inc., TSLA, -0.08%highlighted the danger in a July speech to a gathering of state governors in Rhode Island. Predicting almost all new cars will have fully autonomous driving capability within a decade, Musk said that could prompt a “fleetwide hack.”

In the wake of the recent incidents involving security flaws, and the threat of more, the government is starting to weigh in. Last year, the FBI issued a statement warning the public about the risks of car hacks. A proposed bill that passed the House of Representatives recently and is now headed to the Senate would require auto makers to appoint cybersecurity officers and implement plans “for detecting and responding to cyberattacks, unauthorized intrusions and false and spurious messages or vehicle control commands.”

Hoping to stave off regulatory action, 14 major auto makers created a forum two years ago, known as the Automotive Information Sharing and Analysis Center, or Auto ISAC, to act as a clearinghouse for industry best practices. The group says it will hold its first summit in December.

Meanwhile, two leading auto-maker trade groups have spelled out privacy principles regarding personal data to give owners more options, such as providing an ability to opt out of services that share data on location and other metrics, and adding protections for owners who opt in.

Car markers are also working to fortify their connected systems. They’re patching flaws in software as they become aware of them, and beefing up security so that spoofed, or fake, messages can be identified and stopped, or stymied if they get past defenses. For instance, car engines might not obey a command to “start and accelerate” unless air-bag sensors in the car confirmed someone is in the driver’s seat.

General Motors Co., GM, -0.10% the largest U.S. auto maker, set up a dedicated cybersecurity group three years ago that currently numbers 80 people. In July, GM hired two cybersecurity experts who directed the Jeep hack in 2014.

Last year, Fiat Chrysler FCAU, -0.34% set up a “bug bounty” program to pay hackers for information on flaws that could allow unauthorized access, but the company won’t say if that has identified any vulnerabilities. Ford Motor Co. F, -0.08% and other global auto makers also have active programs to counter vehicle hacking.

What level of threat?

For now, analysts inside and outside the auto industry agree the systemic risk to cars is limited. Most attacks have been contained to a specific vehicle, and usually require close physical proximity and an intimate knowledge of which connectivity technology is being used. All of the known penetrations of vehicles were orchestrated by cybersecurity experts for demonstration purposes.

These “white hat” hackers are more interested in exposing auto makers’ vulnerability and hubris than causing any harm to drivers. And even “black hat” hackers may be more of a nuisance than a danger, doing things like disabling a rear camera or erasing a digital-music library.

Security officials say criminal hackers are more likely to remain focused on targets such as financial institutions that can be penetrated remotely, at greater scale and for some sort of financial payoff.

And some auto-industry representatives say the threat of systemic hacks is overblown, noting that so far there has never been a successful “commercial hack” by criminal groups.

“Yes, it provides some potential vulnerabilities,” Dave Schwietert, executive vice president of the Alliance of Automobile Manufacturers, an industry lobby, said at the June conference in Washington. But “the benefits, we believe, far outweigh the downside risks.”

Consumers are willing to accept that trade-off when it comes to smartphones and other connected devices, and cars are the next logical frontier for the internet to conquer. But as those connections to the outside world proliferate, so does the potential for exposure to bad actors, says Craig Smith, research director of transportation security at Rapid7 Inc., RPD, -1.53% a Boston-based security-data and analytics firm, and author of a guide for penetration testers, “The Car Hacker’s Handbook.”

“There’s always a bug you’re not aware of, so you’re not going to be able to avoid penetration at every point of contact,” says Smith.

Credit Suisse’s Vamil Divan and his team lowered earnings estimates for the drug maker and cut the price target on the stock from $286 a share to $266 a share, citing the recent refusal-to-file letter from the FDA on the Vraylar label expansion, the $2 billion share buyback plan announced yesterday and other adjustments.

In the same note Divan remarked that the outcome of the patent challenge over Restasis is one of the biggest challenges facing the stock, and the deal it struck with the Saint Regis Mohawk Tribe of upstate New York has turned off some investors.

We have been surprised, however, by the degree of questions around the agreement, including comments from some investors who mentioned they are currently unable to invest in AGN as their firm reviews whether an investment in AGN would meet their standards for socially responsible investing (SRI). We are also surprised that some view the agreement as a sign that AGN is not confident in winning the ongoing District Court case around these patents. In our view, AGN management would not have proceeded with the Saint Regis Mohawk agreement if they felt they were going to lose the District Court case. A decision from the District Court case is expected on or before October 28 and we think this will go a long way towards impacting sentiment around the story. An AGN loss would raise more questions as to why they proceeded with the controversial Saint Regis Mohawk Tribe agreement, but an AGN win, combined with the agreement, will likely give investors more comfort around AGN’s outlook for the next several years. We are not making any changes to our Restasis estimates with this note. We continue to assume a mid-single digit yoy rate of decline in the franchise from 2016-2021 and we continue to assume entry of generic versions of the product in the US in 2022 while waiting for news from the ongoing litigation.

At $209.38, shares of Allergan are down just over 1% in recent market action.

A former NBA rookie of the year and a senior Adidas executive are among 10 people who’ve been charged with bribery and fraud in a major probe of corruption in NCAA college basketball.

Chuck Person, an assistant coach at his alma mater Auburn, has been indicted by federal investigators in an alleged conspiracy to steer certain players with pro potential to agents seeking their business. Person, a college teammate of Charles Barkley, was NBA rookie of the year in 1987.

Assistants at the University of Arizona, University of Southern California and Oklahoma State have also been charged.

In addition, the FBI and federal prosecutors in New York have arrested James Gatto, director of global marketing for Adidas basketball. He was charged with conspiring with coaches to pay players to attend certain schools sponsored by Adidas.

Investigators launched a probe of NCAA college basketball in 2015.

With so much television money at stake, major colleges are engaged in a heated competition to recruit the best high school players in the country. Many NCAA assistants are hired mainly for their connections to prominent high school coaches or players, especially those involved with traveling Amateur Athletic Union, or AAU, teams that often feature several high-profile prospects.

Financial agents, for their part, have a vested interest in developing ties with talented high school and college players who might end up in the NBA. The average pro player makes $6 million a year and the very best, like Stephen Curry and Lebron James, earn more than $30 million a season.

The big sneaker companies, meanwhile, compete for contracts to supply shoes and uniforms to college basketball powers in an effort to cultivate relationships with future NBA stars. Sales of shoes endorsed by NBA stars tend to be the biggest sellers in the lucrative sneaker market.

Nike NKE, +1.12% has long dominated the field, but Adidas ADDYY, -3.00% has been nipping at its heels and Under Armour UA, -1.55% is trying to broaden its reach in a multi-billion dollar industry. Curry left Nike for Under Armour in 2013.

In statement, Adidas said it’s aware one of its employees have been arrested. “We are unaware of any misconduct and will fully cooperate with authorities to understand more.”

We demonstrate empirically that the gains from predicting corporate earnings, or consensus hits and misses—an activity at the core of most investment methodologies—have been shrinking fast over the past 30 years. We identify the main reasons for this loss of earnings relevance and propose an improved alternative to current investment methodologies, one that focuses on the “strategic assets” of the enterprise and their
contribution to maintaining the company’s competitive edge. We demonstrate this investment methodology using subscription-based companies. [MORE]

Feng Gu is professor of accounting at the School of Management, State University of New York at Buffalo. Baruch Lev is professor of accounting and finance at the Stern School of Business, New York University.

Health Insurance Innovations, Inc. (HIIQ), a leading developer, distributor, and virtual administrator of affordable health plans, held a conference call recently to give a management update. As a follow-up to that call, the Company today provided the following statement to address certain misleading information in the marketplace, including information in a third-party investor report issued yesterday:

Indiana Multistate Examination

The Indiana Multi-State examination is an open matter, where the lead regulators have not yet provided any written findings, or a framework for resolution. A third-party report published yesterday referred to a potential estimated combined fine amount of $100 million, which the author based on unstated or inapplicable data points. This amount does not correspond to any estimates, analyses, or communications undertaken or made by the Company, and the Company does not believe that this number has any basis in fact. The Company has cooperated fully and in a transparent manner in all matters.

Closed Regulatory Matters

HIIQ’s regulatory matters are publicly disclosed in SEC filings, after working diligently with counsel to provide appropriate detail related to any active investigations. Closed matters, such as those in Arkansas (released from its C&D Aug. 2016) and Ohio (closed Aug. 2017), neither of which concluded with regulatory action from the respective states.

Florida TPA license

As previously disclosed by the Company, in June 2017 the Florida Office of Insurance Regulation (“OIR”) denied the Company’s application for licensure as a TPA based on the OIR’s determination that the Company had not provided all information required to process the application. In June 2017, the Company appealed the denial with the Florida Division of Administrative Hearings in order to preserve its rights. A final hearing on the appeal was originally scheduled for October 17-20, 2017, but the proceeding is on hold, and the Company is currently engaged in a dialogue with the OIR on a potential resolution that would enable the Company to withdraw the appeal and either re-submit the application or engage in discussions regarding whether the OIR will require the Company to hold a TPA license at all.

In a report issued yesterday by a third party, the author of the report mischaracterized certain disclosure questions that arose during the application process regarding prior legal proceedings involving Michael Hershberger, the Company’s Chief Financial Officer. In connection with the licensing application process, the Company received comments from OIR about the need to disclose certain prior legal proceedings involving Mr. Hershberger. Those legal proceedings involved Mr. Hershberger’s prior business as a real estate developer in the Dane County, Wisconsin area. One case involved a monetary claim (and not a foreclosure) that was quickly settled, and another case was one in which Mr. Hershberger was mistakenly named as a party (and from which Mr. Hershberger was therefore dismissed). Mr. Hershberger has provided all requested information, and no information is outstanding in regard to these matters. These matters are not significant, and there are no “undisclosed legal actions against HIIQ insiders”. Similar misleading statements were made in the third-party report regarding legal proceedings involving Michael Kosloske, as those proceedings involved a car accident and an employment agreement dispute with a prior employer, both of which Mr. Kosloske initially believed were not responsive to the requirements of the TPA application, but we subsequently provided.

In addition to the above, a third party yesterday took out of context a statement made by counsel to the Company in a letter to OIR regarding a “domino effect”. The Company’s counsel was making a reference to the fact that an application denial would likely be a disclosure item on all future licensing in other states, which would add significant work to future licensing efforts in those states.

Since its inception, the Company has operated in the State of Florida under an Agency License issued by the Florida Department of Financial Services that allows the Company to sell insurance products in the state. Many states, including Florida, have statutes that require the licensure of TPAs, and the statutes and applicable regulations vary from state-to-state with respect to the nature of the business activities that may require licensure. Because the Company’s business model does not fall into the category of business activities ordinarily contemplated by state TPA statutes, the need for the Company to become licensed as a TPA in a particular state is not always clear and generally involves an analysis and dialogue with applicable state regulators. As of today, the Company applied for and obtained TPA licenses in approximately 34 states, and applications in 8 states are pending, and in other states the Company confirmed that licensure is not required. The Company has operated in the State of Florida since its inception, and based on discussions with the OIR, the Company determined that its business activities likely require licensure as a TPA even though the Company is not a traditional TPA. Although the Company has pursued the licensure process described above, the Company believes that further contemplated dialogue with OIR could result in a conclusion that TPA licensure is not necessary, and otherwise the Company intends to seek such licensure and has since provided all information requested by the OIR. The OIR has not to date informed the Company that it intends to request that the Company modify its business activities in Florida, and the Company is in regular communication with the OIR on other compliance matters.

ProQR Therapeutics NVPRQR 13.18%, a nano-cap pre-clinical stage bio pharmaceutical company engaged in the discovery and development of ribonucleic acid-based therapeutics for the treatment of severe genetic disorders, announced the completion of a phase 1b study Monday, which helped boost shares of ProQR higher by 4 percent early Tuesday morning.

ProQR’s phase 1b safety and tolerability clinical trial of QR-010, a novel investigational RNA therapeutic in subjects with cystic fibrosis, saw favorable tolerability across all doses coupled with no drug related adverse events, Leerink’s Joseph Schwartz commented in a research report. Perhaps more important, the company reported improvements in exploratory endpoints, including improvements in patient symptoms according to the CFQ-R (12.5mg dose, p=0.0072) and a 10.9 percent (p=0.0461) improvement in percent predicted forced expiratory volume.

Schwartz maintains an Outperform rating on ProQR’s stock with a price target boosted from $10 to $12.

The data report should be viewed as a “positive validation” for the company’s RNA repair platform for two reasons, the analyst noted. First, it validates clinical safety and tolerability, and second, it gives the company the opportunity to now evaluate its platform in a bigger and more severe CF population group. However, the company has yet to confirm any future developments but it is evaluation collaborations as a combo therapy or as a monotherapy.

Yet despite the encouraging data, the analyst still sees a 30 percent probability of success which does mark an increase from a prior estimate of just 20 percent. Also, the company’s peak penetration now stands at 33 percent which is lower from a prior 45 percent estimate to reflect the “increasingly competitive CF landscape.”

At time of publication, shares of ProQR were down 10.76 percent at $5.76.

Shares of Repligen (RGEN) are sliding after GE Healthcare (GE), its largest customer, announced plans to launch a new Protein A resin that will not use the former as the manufacturer of the associated Protein A ligand. Commenting on the news, Jefferies analyst Brandon Couillard said while the near-term impact may be “negligible” to Repligen, the longer-term implications are negative. Meanwhile, his peer at Stephens told investors that he sees GE Healthcare’s resin as a niche product and he remains positive on Repligen. NEW PROTEIN A RESIN: GE Healthcare has introduced a new Protein A chromatography resin, MabSelect PrismA, which the company says will help biopharmaceutical manufacturers improve their monoclonal antibody purification capacity by up to 40%. The resin is significantly more alkaline-stable, meaning that MabSelect PrismA can be cleaned with a higher concentration of sodium hydroxide to better control cross-contamination and bioburden risks, GE stated in its announcement yesterday. MabSelect PrismA addresses a number of key challenges, including the increased upstream titers, the company said, adding that the new resin is highly efficient due to its excellent binding capacity. MabSelect PrismA has been developed at the GE Healthcare Life Sciences site in Uppsala, Sweden, where the resin is also manufactured. Between 2017-2022 GE Healthcare is annually investing up to $70M in the production facility to significantly increase the factory’s capacity. GE LAUNCH TO WEIGH ON VALUATION: Jefferies’ Couillard told investors that GE Healthcare will not utilize Repligen as the manufacturer of the associated protein A ligand for the new Protein A chromatography resin. While the near-term financial impact appears negligible to Repligen given its long-term contracts and new Protein A resins’ typical long adoption cycle, the long-term implications are negative, as GE Healthcare’s move to in-source Protein A ligands diminishes the value of Repligen’s near-monopoly position and could weigh on its premium multiple. GE Healthcare’s sizable planned investment outlay suggests it may eventually look to bring production of other protein A ligands in-house as part of a broader continuity plan once its long-term contracts expire in 2019/2021, the analyst added. Moreover, Couillard pointed out that the move also brings into question whether Millipore-Sigma may pursue a similar in-sourcing strategy down the road. The analyst reiterated a Hold rating and a $40 price target on Repligen shares. GE RESIN A NICHE: In a research note of his own, Stephens analyst Drew Jones told investors that he is “not distracted” from his positive long-term outlook on Repligen after GE Healthcare’s plans. The analyst believes this will be a niche resin that will not drive “meaningful” revenue for at least five to seven years. Further, Jones noted that Repligen’s revenue from GE Healthcare will not be impacted due to long-term contracts. The analyst reiterated an Overweight rating and $50 price target on Repligen shares. PRICE ACTION: In morning trading, shares of Repligen have dropped almost 13% to $37.69.